Back to KEVs

CVE-2008-3873

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a...

Basic Information

CVE State
PUBLISHED
Reserved Date
August 29, 2008
Published Date
August 29, 2008
Last Updated
August 07, 2024
Vendor
Adobe
Product
Flash Player
Description
The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploit Status

Exploited in the Wild
Yes (2008-08-29 17:00:00 UTC) Source

References

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid= http://secunia.com/advisories/33390 http://www.adobe.com/support/security/bulletins/apsb08-18.html http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm http://secunia.com/advisories/32702 https://exchange.xforce.ibmcloud.com/vulnerabilities/44584 http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html http://secunia.com/advisories/34226 http://www.vupen.com/english/advisories/2008/2838 http://blogs.zdnet.com/security/?p=1733 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securitytracker.com/id?1020724 http://secunia.com/advisories/32759 http://www.redhat.com/support/errata/RHSA-2008-0945.html http://www.redhat.com/support/errata/RHSA-2008-0980.html http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm http://www.securityfocus.com/bid/31117 http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 http://secunia.com/advisories/32448 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://blogs.zdnet.com/security/?p=1759

Known Exploited Vulnerability Information

Source Added Date
CVE 2008-08-29 17:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel